From 3da71585c3aaf6491419893a8c9d085922c0ef2f Mon Sep 17 00:00:00 2001 
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Sat, 16 Jul 2022 15:40:10 +0000 Subject: [PATCH] fix(deps): require google-api-core>=1.32.0,>=2.8.0 (#337) - [ ] Regenerate this pull request now. PiperOrigin-RevId: 459095142 Source-Link: https://github.com/googleapis/googleapis/commit/4f1be992601ed740a581a32cedc4e7b6c6a27793 Source-Link: https://github.com/googleapis/googleapis-gen/commit/ae686d9cde4fc3e36d0ac02efb8643b15890c1ed Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiYWU2ODZkOWNkZTRmYzNlMzZkMGFjMDJlZmI4NjQzYjE1ODkwYzFlZCJ9 feat: Added contacts field to findings attributes, specifying Essential Contacts defined at org, folder or project level within a GCP org feat: Added process signature fields to the indicator attribute that helps surface multiple types of signature defined IOCs PiperOrigin-RevId: 458537238 Source-Link: https://github.com/googleapis/googleapis/commit/7fdec62959f080693e8e137c7772970cb45ecffd Source-Link: https://github.com/googleapis/googleapis-gen/commit/bb340e3223539a792a204be2a794fb2ad3724f68 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiYmIzNDBlMzIyMzUzOWE3OTJhMjA0YmUyYTc5NGZiMmFkMzcyNGY2OCJ9 feat: add audience parameter PiperOrigin-RevId: 456827138 Source-Link: https://github.com/googleapis/googleapis/commit/23f1a157189581734c7a77cddfeb7c5bc1e440ae Source-Link: https://github.com/googleapis/googleapis-gen/commit/4075a8514f676691ec156688a5bbf183aa9893ce Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNDA3NWE4NTE0ZjY3NjY5MWVjMTU2Njg4YTViYmYxODNhYTk4OTNjZSJ9 feat: Add compliances, processes and exfiltration fields to findings attributes They contain compliance information about a security standard indicating unmet recommendations, represents operating system processes, and data exfiltration attempt of one... or more source(s) to one or more target(s). 
Source(s) represent the source of data that is exfiltrated, and Target(s) represents the destination the data was copied to PiperOrigin-RevId: 452067806 Source-Link: https://github.com/googleapis/googleapis/commit/5bfadd980c361451b4d4a69041e24bb04329dab3 Source-Link: https://github.com/googleapis/googleapis-gen/commit/ae56215246dee968a4eac43b0012d676876e52a4 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiYWU1NjIxNTI0NmRlZTk2OGE0ZWFjNDNiMDAxMmQ2NzY4NzZlNTJhNCJ9 --- .../google/cloud/securitycenter/__init__.py | 16 +++ .../cloud/securitycenter_v1/__init__.py | 13 ++ .../services/security_center/async_client.py | 10 +- .../services/security_center/client.py | 11 +- .../security_center/transports/base.py | 16 ++- .../security_center/transports/grpc.py | 2 + .../transports/grpc_asyncio.py | 2 + .../cloud/securitycenter_v1/types/__init__.py | 13 ++ .../securitycenter_v1/types/compliance.py | 55 ++++++++ .../types/contact_details.py | 56 ++++++++ .../securitycenter_v1/types/exfiltration.py | 84 +++++++++++ .../cloud/securitycenter_v1/types/file.py | 79 +++++++++++ .../cloud/securitycenter_v1/types/finding.py | 60 +++++++- .../securitycenter_v1/types/indicator.py | 101 ++++++++++++++ .../securitycenter_v1/types/mitre_attack.py | 2 +- .../cloud/securitycenter_v1/types/process.py | 130 ++++++++++++++++++ .../services/security_center/client.py | 1 + .../security_center/transports/base.py | 16 ++- .../security_center/transports/grpc.py | 2 + .../transports/grpc_asyncio.py | 2 + .../services/security_center/client.py | 1 + .../security_center/transports/base.py | 16 ++- .../security_center/transports/grpc.py | 2 + .../transports/grpc_asyncio.py | 2 + packages/google-cloud-securitycenter/setup.py | 5 +- .../testing/constraints-3.6.txt | 12 -- .../testing/constraints-3.7.txt | 2 +- .../securitycenter_v1/test_security_center.py | 64 ++++++++- .../test_security_center.py | 52 +++++++ .../test_security_center.py | 52 +++++++ 30 files changed, 835 insertions(+), 44 deletions(-) 
create mode 100644 packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/compliance.py create mode 100644 packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/contact_details.py create mode 100644 packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/exfiltration.py create mode 100644 packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/file.py create mode 100644 packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/process.py delete mode 100644 packages/google-cloud-securitycenter/testing/constraints-3.6.txt diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter/__init__.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter/__init__.py index 6021ddf1711a..c92bf1f4b387 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter/__init__.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter/__init__.py @@ -23,8 +23,15 @@ from google.cloud.securitycenter_v1.types.access import Access, Geolocation from google.cloud.securitycenter_v1.types.asset import Asset from google.cloud.securitycenter_v1.types.bigquery_export import BigQueryExport +from google.cloud.securitycenter_v1.types.compliance import Compliance from google.cloud.securitycenter_v1.types.connection import Connection +from google.cloud.securitycenter_v1.types.contact_details import Contact, ContactDetails +from google.cloud.securitycenter_v1.types.exfiltration import ( + ExfilResource, + Exfiltration, +) from google.cloud.securitycenter_v1.types.external_system import ExternalSystem +from google.cloud.securitycenter_v1.types.file import File from google.cloud.securitycenter_v1.types.finding import Finding from google.cloud.securitycenter_v1.types.folder import Folder from google.cloud.securitycenter_v1.types.iam_binding import IamBinding 
@@ -38,6 +45,7 @@ from google.cloud.securitycenter_v1.types.organization_settings import ( OrganizationSettings, ) +from google.cloud.securitycenter_v1.types.process import EnvironmentVariable, Process from google.cloud.securitycenter_v1.types.resource import Resource from google.cloud.securitycenter_v1.types.run_asset_discovery_response import ( RunAssetDiscoveryResponse, @@ -103,8 +111,14 @@ "Geolocation", "Asset", "BigQueryExport", + "Compliance", "Connection", + "Contact", + "ContactDetails", + "ExfilResource", + "Exfiltration", "ExternalSystem", + "File", "Finding", "Folder", "IamBinding", @@ -114,6 +128,8 @@ "NotificationConfig", "NotificationMessage", "OrganizationSettings", + "EnvironmentVariable", + "Process", "Resource", "RunAssetDiscoveryResponse", "SecurityMarks", diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/__init__.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/__init__.py index 5ab63a3834e7..1c989b555bdf 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/__init__.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/__init__.py @@ -18,8 +18,12 @@ from .types.access import Access, Geolocation from .types.asset import Asset from .types.bigquery_export import BigQueryExport +from .types.compliance import Compliance from .types.connection import Connection +from .types.contact_details import Contact, ContactDetails +from .types.exfiltration import ExfilResource, Exfiltration from .types.external_system import ExternalSystem +from .types.file import File from .types.finding import Finding from .types.folder import Folder from .types.iam_binding import IamBinding 
@@ -29,6 +33,7 @@ from .types.notification_config import NotificationConfig from .types.notification_message import NotificationMessage from .types.organization_settings import OrganizationSettings +from .types.process import EnvironmentVariable, Process from .types.resource import Resource from .types.run_asset_discovery_response import RunAssetDiscoveryResponse from .types.security_marks import SecurityMarks @@ -87,7 +92,10 @@ "BigQueryExport", "BulkMuteFindingsRequest", "BulkMuteFindingsResponse", + "Compliance", "Connection", + "Contact", + "ContactDetails", "CreateBigQueryExportRequest", "CreateFindingRequest", "CreateMuteConfigRequest", @@ -98,7 +106,11 @@ "DeleteBigQueryExportRequest", "DeleteMuteConfigRequest", "DeleteNotificationConfigRequest", + "EnvironmentVariable", + "ExfilResource", + "Exfiltration", "ExternalSystem", + "File", "Finding", "Folder", "Geolocation", @@ -131,6 +143,7 @@ "NotificationConfig", "NotificationMessage", "OrganizationSettings", + "Process", "Reference", "Resource", "RunAssetDiscoveryRequest", diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/async_client.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/async_client.py index 66489e75405b..d7d5a114db29 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/async_client.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/async_client.py 
@@ -40,8 +40,15 @@ from google.protobuf import timestamp_pb2 # type: ignore from google.cloud.securitycenter_v1.services.security_center import pagers -from google.cloud.securitycenter_v1.types import access, bigquery_export, connection +from google.cloud.securitycenter_v1.types import ( + access, + bigquery_export, + compliance, + connection, + exfiltration, +) from google.cloud.securitycenter_v1.types import iam_binding, indicator, mitre_attack +from google.cloud.securitycenter_v1.types import process, run_asset_discovery_response from google.cloud.securitycenter_v1.types import external_system as gcs_external_system from google.cloud.securitycenter_v1.types import ( notification_config as gcs_notification_config, @@ -56,7 +63,6 @@ from google.cloud.securitycenter_v1.types import mute_config as gcs_mute_config from google.cloud.securitycenter_v1.types import notification_config from google.cloud.securitycenter_v1.types import organization_settings -from google.cloud.securitycenter_v1.types import run_asset_discovery_response from google.cloud.securitycenter_v1.types import security_marks from google.cloud.securitycenter_v1.types import securitycenter_service from google.cloud.securitycenter_v1.types import source diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/client.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/client.py index 9de82d0495fe..ae5eb0bdb877 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/client.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/client.py 
@@ -43,8 +43,15 @@ from google.protobuf import timestamp_pb2 # type: ignore from google.cloud.securitycenter_v1.services.security_center import pagers -from google.cloud.securitycenter_v1.types import access, bigquery_export, connection +from google.cloud.securitycenter_v1.types import ( + access, + bigquery_export, + compliance, + connection, + exfiltration, +) from google.cloud.securitycenter_v1.types import iam_binding, indicator, mitre_attack +from google.cloud.securitycenter_v1.types import process, run_asset_discovery_response from google.cloud.securitycenter_v1.types import external_system as gcs_external_system from google.cloud.securitycenter_v1.types import ( notification_config as gcs_notification_config, @@ -59,7 +66,6 @@ from google.cloud.securitycenter_v1.types import mute_config as gcs_mute_config from google.cloud.securitycenter_v1.types import notification_config from google.cloud.securitycenter_v1.types import organization_settings -from google.cloud.securitycenter_v1.types import run_asset_discovery_response from google.cloud.securitycenter_v1.types import security_marks from google.cloud.securitycenter_v1.types import securitycenter_service from google.cloud.securitycenter_v1.types import source @@ -632,6 +638,7 @@ def __init__( quota_project_id=client_options.quota_project_id, client_info=client_info, always_use_jwt_access=True, + api_audience=client_options.api_audience, ) def bulk_mute_findings( diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/base.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/base.py index 2dba334fceed..abd748d0cbf7 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/base.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/base.py 
@@ -75,6 +75,7 @@ def __init__( quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, **kwargs, ) -> None: """Instantiate the transport. @@ -102,11 +103,6 @@ def __init__( be used for service account credentials. """ - # Save the hostname. Default to port 443 (HTTPS) if none is specified. - if ":" not in host: - host += ":443" - self._host = host - scopes_kwargs = {"scopes": scopes, "default_scopes": self.AUTH_SCOPES} # Save the scopes. @@ -127,6 +123,11 @@ def __init__( credentials, _ = google.auth.default( **scopes_kwargs, quota_project_id=quota_project_id ) + # Don't apply audience if the credentials file passed from user. + if hasattr(credentials, "with_gdch_audience"): + credentials = credentials.with_gdch_audience( + api_audience if api_audience else host + ) # If the credentials are service account credentials, then always try to use self signed JWT. if ( @@ -139,6 +140,11 @@ def __init__( # Save the credentials. self._credentials = credentials + # Save the hostname. Default to port 443 (HTTPS) if none is specified. + if ":" not in host: + host += ":443" + self._host = host + def _prep_wrapped_messages(self, client_info): # Precompute the wrapped methods. self._wrapped_methods = { diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py index aff9a3231f67..7926759ddb4d 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py 
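Review bot: `api_audience` is honoured only on the path that falls back to `google.auth.default()`: the added `if hasattr(credentials, "with_gdch_audience"):` block appears to sit inside that branch (indentation is lost in this view, but the comment above it says as much). A caller who passes explicit credentials or a credentials file together with `client_options.api_audience` therefore gets no audience applied and no error. Going by the diffstat, neither the base.py hunks nor the two-line changes in grpc.py and grpc_asyncio.py add an `Args:` entry for the new parameter; I would add one along the lines of `api_audience (Optional[str]): Audience for GDCH credentials obtained through application default credentials; falls back to the host as passed and is ignored when the caller supplies credentials.` The fallback `api_audience if api_audience else host` also presumably relies on the `":443"` defaulting having moved below it, which deserves a comment such as `# Keep after the audience is derived: the audience uses the host before the default port is appended.` `__init__` starts and ends outside these hunks.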
@@ -78,6 +78,7 @@ def __init__( quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, ) -> None: """Instantiate the transport. @@ -174,6 +175,7 @@ def __init__( quota_project_id=quota_project_id, client_info=client_info, always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, ) if not self._grpc_channel: diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py index cd3dd78f2a05..6cb585c4425b 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py @@ -123,6 +123,7 @@ def __init__( quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, ) -> None: """Instantiate the transport. @@ -219,6 +220,7 @@ def __init__( quota_project_id=quota_project_id, client_info=client_info, always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, ) if not self._grpc_channel: diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/__init__.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/__init__.py index 99528e69167d..8303395eea43 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/__init__.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/__init__.py 
@@ -16,8 +16,12 @@ from .access import Access, Geolocation from .asset import Asset from .bigquery_export import BigQueryExport +from .compliance import Compliance from .connection import Connection +from .contact_details import Contact, ContactDetails +from .exfiltration import ExfilResource, Exfiltration from .external_system import ExternalSystem +from .file import File from .finding import Finding from .folder import Folder from .iam_binding import IamBinding @@ -27,6 +31,7 @@ from .notification_config import NotificationConfig from .notification_message import NotificationMessage from .organization_settings import OrganizationSettings +from .process import EnvironmentVariable, Process from .resource import Resource from .run_asset_discovery_response import RunAssetDiscoveryResponse from .security_marks import SecurityMarks @@ -83,8 +88,14 @@ "Geolocation", "Asset", "BigQueryExport", + "Compliance", "Connection", + "Contact", + "ContactDetails", + "ExfilResource", + "Exfiltration", "ExternalSystem", + "File", "Finding", "Folder", "IamBinding", @@ -94,6 +105,8 @@ "NotificationConfig", "NotificationMessage", "OrganizationSettings", + "EnvironmentVariable", + "Process", "Resource", "RunAssetDiscoveryResponse", "SecurityMarks", diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/compliance.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/compliance.py new file mode 100644 index 000000000000..b096b6fa6230 --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/compliance.py 
@@ -0,0 +1,55 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import proto # type: ignore + +__protobuf__ = proto.module( + package="google.cloud.securitycenter.v1", + manifest={ + "Compliance", + }, +) + + +class Compliance(proto.Message): + r"""Contains compliance information about a security standard + indicating unmet recommendations. + + Attributes: + standard (str): + Refers to industry wide standards or + benchmarks e.g. "cis", "pci", "owasp", etc. + version (str): + Version of the standard/benchmark e.g. 1.1 + ids (Sequence[str]): + Policies within the standard/benchmark e.g. + A.12.4.1 + """ + + standard = proto.Field( + proto.STRING, + number=1, + ) + version = proto.Field( + proto.STRING, + number=2, + ) + ids = proto.RepeatedField( + proto.STRING, + number=3, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/contact_details.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/contact_details.py new file mode 100644 index 000000000000..d74a54e63353 --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/contact_details.py 
@@ -0,0 +1,56 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import proto # type: ignore + +__protobuf__ = proto.module( + package="google.cloud.securitycenter.v1", + manifest={ + "ContactDetails", + "Contact", + }, +) + + +class ContactDetails(proto.Message): + r"""The details pertaining to specific contacts + + Attributes: + contacts (Sequence[google.cloud.securitycenter_v1.types.Contact]): + A list of contacts + """ + + contacts = proto.RepeatedField( + proto.MESSAGE, + number=1, + message="Contact", + ) + + +class Contact(proto.Message): + r"""Representa a single contact's email address + + Attributes: + email (str): + An email address e.g. "person123@company.com". + """ + + email = proto.Field( + proto.STRING, + number=1, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/exfiltration.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/exfiltration.py new file mode 100644 index 000000000000..f7c4e71d97d5 --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/exfiltration.py 
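Review bot: The `Contact` class docstring is misspelled: `Representa a single contact's email address` should read `Represents a single contact's email address`. The Source-Link trailers on the commit suggest this file is generated, so the wording probably has to be corrected in the upstream API definition rather than in this file.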
@@ -0,0 +1,84 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import proto # type: ignore + +__protobuf__ = proto.module( + package="google.cloud.securitycenter.v1", + manifest={ + "Exfiltration", + "ExfilResource", + }, +) + + +class Exfiltration(proto.Message): + r"""Exfiltration represents a data exfiltration attempt of one or + more sources to one or more targets. Sources represent the + source of data that is exfiltrated, and Targets represents the + destination the data was copied to. + + Attributes: + sources (Sequence[google.cloud.securitycenter_v1.types.ExfilResource]): + If there are multiple sources, then the data + is considered "joined" between them. For + instance, BigQuery can join multiple tables, and + each table would be considered a source. + targets (Sequence[google.cloud.securitycenter_v1.types.ExfilResource]): + If there are multiple targets, each target + would get a complete copy of the "joined" source + data. + """ + + sources = proto.RepeatedField( + proto.MESSAGE, + number=1, + message="ExfilResource", + ) + targets = proto.RepeatedField( + proto.MESSAGE, + number=2, + message="ExfilResource", + ) + + +class ExfilResource(proto.Message): + r"""Resource that has been exfiltrated or exfiltrated_to. 
+ + Attributes: + name (str): + Resource's URI + (https://google.aip.dev/122#full-resource-names) + components (Sequence[str]): + Subcomponents of the asset that is + exfiltrated - these could be URIs used during + exfiltration, table names, databases, filenames, + etc. For example, multiple tables may be + exfiltrated from the same CloudSQL instance, or + multiple files from the same Cloud Storage + bucket. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + components = proto.RepeatedField( + proto.STRING, + number=2, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/file.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/file.py new file mode 100644 index 000000000000..64d65725418e --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/file.py 
@@ -0,0 +1,79 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import proto # type: ignore + +__protobuf__ = proto.module( + package="google.cloud.securitycenter.v1", + manifest={ + "File", + }, +) + + +class File(proto.Message): + r"""File information about the related binary/library used by an + executable, or the script used by a script interpreter + + Attributes: + path (str): + Absolute path of the file as a JSON encoded + string. + size (int): + Size of the file in bytes. + sha256 (str): + SHA256 hash of the first hashed_size bytes of the file + encoded as a hex string. If hashed_size == size, sha256 + represents the SHA256 hash of the entire file. + hashed_size (int): + The length in bytes of the file prefix that was hashed. If + hashed_size == size, any hashes reported represent the + entire file. + partially_hashed (bool): + True when the hash covers only a prefix of + the file. + contents (str): + Prefix of the file contents as a JSON encoded + string. (Currently only populated for Malicious + Script Executed findings.) 
+ """ + + path = proto.Field( + proto.STRING, + number=1, + ) + size = proto.Field( + proto.INT64, + number=2, + ) + sha256 = proto.Field( + proto.STRING, + number=3, + ) + hashed_size = proto.Field( + proto.INT64, + number=4, + ) + partially_hashed = proto.Field( + proto.BOOL, + number=5, + ) + contents = proto.Field( + proto.STRING, + number=6, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/finding.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/finding.py index 98c651797636..9793c9e561a2 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/finding.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/finding.py @@ -17,16 +17,15 @@ from google.protobuf import timestamp_pb2 # type: ignore import proto # type: ignore -from google.cloud.securitycenter_v1.types import ( - connection, - external_system, - iam_binding, -) +from google.cloud.securitycenter_v1.types import compliance, connection, contact_details +from google.cloud.securitycenter_v1.types import exfiltration as gcs_exfiltration from google.cloud.securitycenter_v1.types import mitre_attack as gcs_mitre_attack from google.cloud.securitycenter_v1.types import security_marks as gcs_security_marks from google.cloud.securitycenter_v1.types import vulnerability as gcs_vulnerability from google.cloud.securitycenter_v1.types import access as gcs_access +from google.cloud.securitycenter_v1.types import external_system, iam_binding from google.cloud.securitycenter_v1.types import indicator as gcs_indicator +from google.cloud.securitycenter_v1.types import process __protobuf__ = proto.module( package="google.cloud.securitycenter.v1", 
@@ -152,8 +151,38 @@ class Finding(proto.Message): muted the finding, user who muted the finding, etc. Unlike other attributes of a finding, a finding provider shouldn't set the value of mute. + processes (Sequence[google.cloud.securitycenter_v1.types.Process]): + Represents operating system processes + associated with the Finding. + contacts (Mapping[str, google.cloud.securitycenter_v1.types.ContactDetails]): + Output only. Map containing the point of contacts for the + given finding. The key represents the type of contact, while + the value contains a list of all the contacts that pertain. + Please refer to: + https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories + + :: + + { + "security": { + "contacts": [ + { + "email": "person1@company.com" + }, + { + "email": "person2@company.com" + } + ] + } + } + compliances (Sequence[google.cloud.securitycenter_v1.types.Compliance]): + Contains compliance information for security + standards associated to the finding. description (str): Contains more detail about the finding. + exfiltration (google.cloud.securitycenter_v1.types.Exfiltration): + Represents exfiltration associated with the + Finding. iam_bindings (Sequence[google.cloud.securitycenter_v1.types.IamBinding]): Represents IAM bindings associated with the Finding. @@ -296,10 +325,31 @@ class FindingClass(proto.Enum): proto.STRING, number=28, ) + processes = proto.RepeatedField( + proto.MESSAGE, + number=30, + message=process.Process, + ) + contacts = proto.MapField( + proto.STRING, + proto.MESSAGE, + number=33, + message=contact_details.ContactDetails, + ) + compliances = proto.RepeatedField( + proto.MESSAGE, + number=34, + message=compliance.Compliance, + ) description = proto.Field( proto.STRING, number=37, ) + exfiltration = proto.Field( + proto.MESSAGE, + number=38, + message=gcs_exfiltration.Exfiltration, + ) iam_bindings = proto.RepeatedField( proto.MESSAGE, number=39, 
diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/indicator.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/indicator.py index 90c64e3c22e8..f6c7fa810b9a 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/indicator.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/indicator.py 
@@ -36,8 +36,104 @@ class Indicator(proto.Message): Finding. domains (Sequence[str]): List of domains associated to the Finding. + signatures (Sequence[google.cloud.securitycenter_v1.types.Indicator.ProcessSignature]): + The list of matched signatures indicating + that the given process is present in the + environment. """ + class ProcessSignature(proto.Message): + r"""Indicates what signature matched this process. + + This message has `oneof`_ fields (mutually exclusive fields). + For each oneof, at most one member field can be set at the same time. + Setting any member of the oneof automatically clears all other + members. + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + memory_hash_signature (google.cloud.securitycenter_v1.types.Indicator.ProcessSignature.MemoryHashSignature): + Signature indicating that a binary family was + matched. + + This field is a member of `oneof`_ ``signature``. + yara_rule_signature (google.cloud.securitycenter_v1.types.Indicator.ProcessSignature.YaraRuleSignature): + Signature indicating that a YARA rule was + matched. + + This field is a member of `oneof`_ ``signature``. + """ + + class MemoryHashSignature(proto.Message): + r"""A signature corresponding to memory page hashes. + + Attributes: + binary_family (str): + The binary family. + detections (Sequence[google.cloud.securitycenter_v1.types.Indicator.ProcessSignature.MemoryHashSignature.Detection]): + The list of memory hash detections + contributing to the binary family match. + """ + + class Detection(proto.Message): + r"""Memory hash detection contributing to the binary family + match. + + Attributes: + binary (str): + The name of the binary associated with the + memory hash signature detection. + percent_pages_matched (float): + The percentage of memory page hashes in the + signature that were matched. 
+ """ + + binary = proto.Field( + proto.STRING, + number=2, + ) + percent_pages_matched = proto.Field( + proto.DOUBLE, + number=3, + ) + + binary_family = proto.Field( + proto.STRING, + number=1, + ) + detections = proto.RepeatedField( + proto.MESSAGE, + number=4, + message="Indicator.ProcessSignature.MemoryHashSignature.Detection", + ) + + class YaraRuleSignature(proto.Message): + r"""A signature corresponding to a YARA rule. + + Attributes: + yara_rule (str): + The name of the YARA rule. + """ + + yara_rule = proto.Field( + proto.STRING, + number=5, + ) + + memory_hash_signature = proto.Field( + proto.MESSAGE, + number=6, + oneof="signature", + message="Indicator.ProcessSignature.MemoryHashSignature", + ) + yara_rule_signature = proto.Field( + proto.MESSAGE, + number=7, + oneof="signature", + message="Indicator.ProcessSignature.YaraRuleSignature", + ) + ip_addresses = proto.RepeatedField( proto.STRING, number=1, @@ -46,6 +142,11 @@ class Indicator(proto.Message): proto.STRING, number=2, ) + signatures = proto.RepeatedField( + proto.MESSAGE, + number=3, + message=ProcessSignature, + ) __all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/mitre_attack.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/mitre_attack.py index fa112fd39ae2..7de0015be623 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/mitre_attack.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/mitre_attack.py @@ -75,7 +75,6 @@ class Tactic(proto.Enum): class Technique(proto.Enum): r"""MITRE ATT&CK techniques that can be referenced by SCC findings. See: https://attack.mitre.org/techniques/enterprise/ - Next ID: 31 """ TECHNIQUE_UNSPECIFIED = 0 ACTIVE_SCANNING = 1 
@@ -108,6 +107,7 @@ class Technique(proto.Enum): MODIFY_AUTHENTICATION_PROCESS = 28 DATA_DESTRUCTION = 29 DOMAIN_POLICY_MODIFICATION = 30 + IMPAIR_DEFENSES = 31 primary_tactic = proto.Field( proto.ENUM, diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/process.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/process.py new file mode 100644 index 000000000000..9d0327473719 --- /dev/null +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1/types/process.py 
@@ -0,0 +1,130 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import proto # type: ignore + +from google.cloud.securitycenter_v1.types import file + +__protobuf__ = proto.module( + package="google.cloud.securitycenter.v1", + manifest={ + "Process", + "EnvironmentVariable", + }, +) + + +class Process(proto.Message): + r"""Represents an operating system process. + + Attributes: + name (str): + The process name visible in utilities like ``top`` and + ``ps``; it can be accessed via ``/proc/[pid]/comm`` and + changed with ``prctl(PR_SET_NAME)``. + binary (google.cloud.securitycenter_v1.types.File): + File information for the process executable. + libraries (Sequence[google.cloud.securitycenter_v1.types.File]): + File information for libraries loaded by the + process. + script (google.cloud.securitycenter_v1.types.File): + When the process represents the invocation of a script, + ``binary`` provides information about the interpreter while + ``script`` provides information about the script file + provided to the interpreter. + args (Sequence[str]): + Process arguments as JSON encoded strings. + arguments_truncated (bool): + True if ``args`` is incomplete. + env_variables (Sequence[google.cloud.securitycenter_v1.types.EnvironmentVariable]): + Process environment variables. + env_variables_truncated (bool): + True if ``env_variables`` is incomplete. + pid (int): + The process id. 
+ parent_pid (int): + The parent process id. + """ + + name = proto.Field( + proto.STRING, + number=12, + ) + binary = proto.Field( + proto.MESSAGE, + number=3, + message=file.File, + ) + libraries = proto.RepeatedField( + proto.MESSAGE, + number=4, + message=file.File, + ) + script = proto.Field( + proto.MESSAGE, + number=5, + message=file.File, + ) + args = proto.RepeatedField( + proto.STRING, + number=6, + ) + arguments_truncated = proto.Field( + proto.BOOL, + number=7, + ) + env_variables = proto.RepeatedField( + proto.MESSAGE, + number=8, + message="EnvironmentVariable", + ) + env_variables_truncated = proto.Field( + proto.BOOL, + number=9, + ) + pid = proto.Field( + proto.INT64, + number=10, + ) + parent_pid = proto.Field( + proto.INT64, + number=11, + ) + + +class EnvironmentVariable(proto.Message): + r"""EnvironmentVariable is a name-value pair to store environment + variables for Process. + + Attributes: + name (str): + Environment variable name as a JSON encoded + string. + val (str): + Environment variable value as a JSON encoded + string. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + val = proto.Field( + proto.STRING, + number=2, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/client.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/client.py index 9f93d41b2e2e..863016afda2e 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/client.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/client.py @@ -521,6 +521,7 @@ def __init__( quota_project_id=client_options.quota_project_id, client_info=client_info, always_use_jwt_access=True, + api_audience=client_options.api_audience, ) def create_source( 
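Review bot: The `env_variables` and `args` entries in the `Process` docstring say only "Process environment variables." and "Process arguments as JSON encoded strings.", with nothing about how sensitive the captured values can be. Environment variables and command lines often carry tokens or passwords, so a finding that embeds them probably needs the same access control and log redaction as a secret. I would extend the `env_variables` entry with something like `Values are captured as reported and may include credentials; redact before logging or exporting.` It would also help to say on `arguments_truncated` and `env_variables_truncated` that a value missing from the list is not evidence of absence when the flag is true. The file looks generated, so the wording likely belongs in the upstream proto comments.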
diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py index 95ff4c164584..e558392be01d 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py @@ -68,6 +68,7 @@ def __init__( quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, **kwargs, ) -> None: """Instantiate the transport. @@ -95,11 +96,6 @@ def __init__( be used for service account credentials. """ - # Save the hostname. Default to port 443 (HTTPS) if none is specified. - if ":" not in host: - host += ":443" - self._host = host - scopes_kwargs = {"scopes": scopes, "default_scopes": self.AUTH_SCOPES} # Save the scopes. @@ -120,6 +116,11 @@ def __init__( credentials, _ = google.auth.default( **scopes_kwargs, quota_project_id=quota_project_id ) + # Don't apply audience if the credentials file passed from user. + if hasattr(credentials, "with_gdch_audience"): + credentials = credentials.with_gdch_audience( + api_audience if api_audience else host + ) # If the credentials are service account credentials, then always try to use self signed JWT. if ( @@ -132,6 +133,11 @@ def __init__( # Save the credentials. self._credentials = credentials + # Save the hostname. Default to port 443 (HTTPS) if none is specified. + if ":" not in host: + host += ":443" + self._host = host + def _prep_wrapped_messages(self, client_info): # Precompute the wrapped methods. self._wrapped_methods = { 
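Review bot: `api_audience` is added to the `__init__` signature, but the docstring visible in the next hunk still ends at the `always_use_jwt_access` entry, and the new comment `# Don't apply audience if the credentials file passed from user.` does not say what the audience defaults to. The fallback is `host` exactly as the caller passed it, which is presumably why the hostname block was moved below the credential setup, so that `:443` never becomes part of the audience. A comment such as `# GDCH credentials need an audience; fall back to the caller's host, before the default port is appended below.` would make that ordering dependency explicit. Because the audience then follows any endpoint override, an `Args:` entry along the lines of `api_audience (Optional[str]): audience for GDCH credentials; defaults to host when unset.` is worth adding. The same hunks appear in the v1p1beta1 `transports/base.py` further down, and `__init__` starts and ends outside these hunks.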
diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py index 1556167793ae..04151bdb2c17 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py @@ -71,6 +71,7 @@ def __init__( quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, ) -> None: """Instantiate the transport. @@ -167,6 +168,7 @@ def __init__( quota_project_id=quota_project_id, client_info=client_info, always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, ) if not self._grpc_channel: diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py index c9a583cbbd44..2aef9562a9b7 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py @@ -116,6 +116,7 @@ def __init__( quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, ) -> None: """Instantiate the transport. 
@@ -212,6 +213,7 @@ def __init__( quota_project_id=quota_project_id, client_info=client_info, always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, ) if not self._grpc_channel: diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py index 560cd3cfc879..ac98e1b27b15 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/client.py @@ -564,6 +564,7 @@ def __init__( quota_project_id=client_options.quota_project_id, client_info=client_info, always_use_jwt_access=True, + api_audience=client_options.api_audience, ) def create_source( diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py index 0622595f5a2a..7accc85152d9 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py @@ -73,6 +73,7 @@ def __init__( quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, **kwargs, ) -> None: """Instantiate the transport. 
@@ -100,11 +101,6 @@ def __init__( be used for service account credentials. """ - # Save the hostname. Default to port 443 (HTTPS) if none is specified. - if ":" not in host: - host += ":443" - self._host = host - scopes_kwargs = {"scopes": scopes, "default_scopes": self.AUTH_SCOPES} # Save the scopes. @@ -125,6 +121,11 @@ def __init__( credentials, _ = google.auth.default( **scopes_kwargs, quota_project_id=quota_project_id ) + # Don't apply audience if the credentials file passed from user. + if hasattr(credentials, "with_gdch_audience"): + credentials = credentials.with_gdch_audience( + api_audience if api_audience else host + ) # If the credentials are service account credentials, then always try to use self signed JWT. if ( @@ -137,6 +138,11 @@ def __init__( # Save the credentials. self._credentials = credentials + # Save the hostname. Default to port 443 (HTTPS) if none is specified. + if ":" not in host: + host += ":443" + self._host = host + def _prep_wrapped_messages(self, client_info): # Precompute the wrapped methods. self._wrapped_methods = { diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py index 48390bca21b6..355fd3f799fb 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py @@ -76,6 +76,7 @@ def __init__( quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, ) -> None: """Instantiate the transport. 
@@ -172,6 +173,7 @@ def __init__( quota_project_id=quota_project_id, client_info=client_info, always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, ) if not self._grpc_channel: diff --git a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py index bea8c37617e3..d7f15fac4897 100644 --- a/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py +++ b/packages/google-cloud-securitycenter/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py @@ -121,6 +121,7 @@ def __init__( quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, ) -> None: """Instantiate the transport. @@ -217,6 +218,7 @@ def __init__( quota_project_id=quota_project_id, client_info=client_info, always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, ) if not self._grpc_channel: diff --git a/packages/google-cloud-securitycenter/setup.py b/packages/google-cloud-securitycenter/setup.py index 175fa24f065b..6ea9e1fb8a08 100644 --- a/packages/google-cloud-securitycenter/setup.py +++ b/packages/google-cloud-securitycenter/setup.py 
@@ -24,10 +24,7 @@ version = "1.11.1" release_status = "Development Status :: 5 - Production/Stable" dependencies = [ - # NOTE: Maintainers, please do not require google-api-core>=2.x.x - # Until this issue is closed - # https://github.com/googleapis/google-cloud-python/issues/10566 - "google-api-core[grpc] >= 1.31.5, <3.0.0dev,!=2.0.*,!=2.1.*,!=2.2.*,!=2.3.0", + "google-api-core[grpc] >= 1.32.0, <3.0.0dev,!=2.0.*,!=2.1.*,!=2.2.*,!=2.3.*,!=2.4.*,!=2.5.*,!=2.6.*,!=2.7.*", "grpc-google-iam-v1 >= 0.12.4, <1.0.0dev", "proto-plus >= 1.15.0, <2.0.0dev", "protobuf >= 3.19.0, <4.0.0dev", diff --git a/packages/google-cloud-securitycenter/testing/constraints-3.6.txt b/packages/google-cloud-securitycenter/testing/constraints-3.6.txt deleted file mode 100644 index c4e0fd7dec6c..000000000000 --- a/packages/google-cloud-securitycenter/testing/constraints-3.6.txt +++ /dev/null @@ -1,12 +0,0 @@ -# This constraints file is used to check that lower bounds -# are correct in setup.py -# List *all* library dependencies and extras in this file. -# Pin the version to the lower bound. -# -# e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev", -# Then this file should have foo==1.14.0 -google-api-core==1.31.5 -grpc-google-iam-v1==0.12.4 -proto-plus==1.15.0 -libcst==0.2.5 -protobuf==3.19.0 diff --git a/packages/google-cloud-securitycenter/testing/constraints-3.7.txt b/packages/google-cloud-securitycenter/testing/constraints-3.7.txt index c4e0fd7dec6c..39a7c58e1e8c 100644 --- a/packages/google-cloud-securitycenter/testing/constraints-3.7.txt +++ b/packages/google-cloud-securitycenter/testing/constraints-3.7.txt @@ -5,7 +5,7 @@ # # e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev", # Then this file should have foo==1.14.0 -google-api-core==1.31.5 +google-api-core==1.32.0 grpc-google-iam-v1==0.12.4 proto-plus==1.15.0 libcst==0.2.5 
diff --git a/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1/test_security_center.py b/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1/test_security_center.py index b1251c4eed27..968e09a59c36 100644 --- a/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1/test_security_center.py +++ b/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1/test_security_center.py @@ -60,8 +60,16 @@ pagers, transports, ) -from google.cloud.securitycenter_v1.types import access, bigquery_export, connection +from google.cloud.securitycenter_v1.types import ( + access, + bigquery_export, + compliance, + connection, + contact_details, + exfiltration, +) from google.cloud.securitycenter_v1.types import iam_binding, indicator, mitre_attack +from google.cloud.securitycenter_v1.types import process, run_asset_discovery_response from google.cloud.securitycenter_v1.types import external_system as gcs_external_system from google.cloud.securitycenter_v1.types import ( notification_config as gcs_notification_config, @@ -71,13 +79,13 @@ ) from google.cloud.securitycenter_v1.types import security_marks as gcs_security_marks from google.cloud.securitycenter_v1.types import external_system +from google.cloud.securitycenter_v1.types import file from google.cloud.securitycenter_v1.types import finding from google.cloud.securitycenter_v1.types import finding as gcs_finding from google.cloud.securitycenter_v1.types import mute_config from google.cloud.securitycenter_v1.types import mute_config as gcs_mute_config from google.cloud.securitycenter_v1.types import notification_config from google.cloud.securitycenter_v1.types import organization_settings -from google.cloud.securitycenter_v1.types import run_asset_discovery_response from google.cloud.securitycenter_v1.types import security_marks from google.cloud.securitycenter_v1.types import securitycenter_service from google.cloud.securitycenter_v1.types import source 
@@ -263,6 +271,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -280,6 +289,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -297,6 +307,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has @@ -326,6 +337,25 @@ def test_security_center_client_client_options( quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, + ) + # Check the case api_endpoint is provided + options = client_options.ClientOptions( + api_audience="https://language.googleapis.com" + ) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience="https://language.googleapis.com", ) @@ -393,6 +423,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case ADC client cert is provided. Whether client cert is used depends on 
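Review bot: The comment `# Check the case api_endpoint is provided` on the case added to `test_security_center_client_client_options` is mislabelled. The options object sets `api_audience`, and the assertion still expects `host=client.DEFAULT_ENDPOINT`. It should read `# Check the case api_audience is provided`. The same copied comment is in the v1beta1 and v1p1beta1 test files below, and the test function begins outside this hunk.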
@@ -427,6 +458,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case client_cert_source and ADC client cert are not provided. @@ -449,6 +481,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -563,6 +596,7 @@ def test_security_center_client_client_options_scopes( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -601,6 +635,7 @@ def test_security_center_client_client_options_credentials_file( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -621,6 +656,7 @@ def test_security_center_client_client_options_from_dict(): quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -659,6 +695,7 @@ def test_security_center_client_create_channel_credentials_file( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # test that the credentials from file are saved and used as the credentials. 
@@ -11547,6 +11584,28 @@ def test_security_center_transport_auth_adc(transport_class): ) +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + ], +) +def test_security_center_transport_auth_gdch_credentials(transport_class): + host = "https://language.com" + api_audience_tests = [None, "https://language2.com"] + api_audience_expect = [host, "https://language2.com"] + for t, e in zip(api_audience_tests, api_audience_expect): + with mock.patch.object(google.auth, "default", autospec=True) as adc: + gdch_mock = mock.MagicMock() + type(gdch_mock).with_gdch_audience = mock.PropertyMock( + return_value=gdch_mock + ) + adc.return_value = (gdch_mock, None) + transport_class(host=host, api_audience=t) + gdch_mock.with_gdch_audience.assert_called_once_with(e) + + @pytest.mark.parametrize( "transport_class,grpc_helpers", [ @@ -12267,4 +12326,5 @@ def test_api_key_credentials(client_class, transport_class): quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) diff --git a/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py b/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py index 804633e9725b..3a734aa54cc8 100644 --- a/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py +++ b/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py @@ -253,6 +253,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is 
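Review bot: `test_security_center_transport_auth_gdch_credentials` uses `host = "https://language.com"`, which already contains a colon, so the `if ":" not in host` branch (as shown in the v1beta1 `transports/base.py` hunks) never appends `:443`. The test therefore passes whether the audience is taken before or after the port is added. A second case with a scheme-less host, for example `host = "language.com"` with `api_audience=None` and `gdch_mock.with_gdch_audience.assert_called_once_with("language.com")`, would pin the ordering that the transport change appears to rely on. The same test is added to the v1beta1 and v1p1beta1 test files below.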
@@ -270,6 +271,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -287,6 +289,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has @@ -316,6 +319,25 @@ def test_security_center_client_client_options( quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, + ) + # Check the case api_endpoint is provided + options = client_options.ClientOptions( + api_audience="https://language.googleapis.com" + ) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience="https://language.googleapis.com", ) @@ -383,6 +405,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case ADC client cert is provided. Whether client cert is used depends on @@ -417,6 +440,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case client_cert_source and ADC client cert are not provided. 
@@ -439,6 +463,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -553,6 +578,7 @@ def test_security_center_client_client_options_scopes( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -591,6 +617,7 @@ def test_security_center_client_client_options_credentials_file( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -611,6 +638,7 @@ def test_security_center_client_client_options_from_dict(): quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -649,6 +677,7 @@ def test_security_center_client_create_channel_credentials_file( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # test that the credentials from file are saved and used as the credentials. @@ -6099,6 +6128,28 @@ def test_security_center_transport_auth_adc(transport_class): ) +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + ], +) +def test_security_center_transport_auth_gdch_credentials(transport_class): + host = "https://language.com" + api_audience_tests = [None, "https://language2.com"] + api_audience_expect = [host, "https://language2.com"] + for t, e in zip(api_audience_tests, api_audience_expect): + with mock.patch.object(google.auth, "default", autospec=True) as adc: + gdch_mock = mock.MagicMock() + type(gdch_mock).with_gdch_audience = mock.PropertyMock( + return_value=gdch_mock + ) + adc.return_value = (gdch_mock, None) + transport_class(host=host, api_audience=t) + gdch_mock.with_gdch_audience.assert_called_once_with(e) + + @pytest.mark.parametrize( "transport_class,grpc_helpers", [ 
@@ -6692,4 +6743,5 @@ def test_api_key_credentials(client_class, transport_class): quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) diff --git a/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py b/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py index fba9d9be3031..8571956d8cb1 100644 --- a/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py +++ b/packages/google-cloud-securitycenter/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py @@ -258,6 +258,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -275,6 +276,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -292,6 +294,7 @@ def test_security_center_client_client_options( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has 
@@ -321,6 +324,25 @@ def test_security_center_client_client_options( quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, + ) + # Check the case api_endpoint is provided + options = client_options.ClientOptions( + api_audience="https://language.googleapis.com" + ) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience="https://language.googleapis.com", ) @@ -388,6 +410,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case ADC client cert is provided. Whether client cert is used depends on @@ -422,6 +445,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # Check the case client_cert_source and ADC client cert are not provided. @@ -444,6 +468,7 @@ def test_security_center_client_mtls_env_auto( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -558,6 +583,7 @@ def test_security_center_client_client_options_scopes( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -596,6 +622,7 @@ def test_security_center_client_client_options_credentials_file( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) 
@@ -616,6 +643,7 @@ def test_security_center_client_client_options_from_dict(): quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) @@ -654,6 +682,7 @@ def test_security_center_client_create_channel_credentials_file( quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, ) # test that the credentials from file are saved and used as the credentials. @@ -7903,6 +7932,28 @@ def test_security_center_transport_auth_adc(transport_class): ) +@pytest.mark.parametrize( + "transport_class", + [ + transports.SecurityCenterGrpcTransport, + transports.SecurityCenterGrpcAsyncIOTransport, + ], +) +def test_security_center_transport_auth_gdch_credentials(transport_class): + host = "https://language.com" + api_audience_tests = [None, "https://language2.com"] + api_audience_expect = [host, "https://language2.com"] + for t, e in zip(api_audience_tests, api_audience_expect): + with mock.patch.object(google.auth, "default", autospec=True) as adc: + gdch_mock = mock.MagicMock() + type(gdch_mock).with_gdch_audience = mock.PropertyMock( + return_value=gdch_mock + ) + adc.return_value = (gdch_mock, None) + transport_class(host=host, api_audience=t) + gdch_mock.with_gdch_audience.assert_called_once_with(e) + + @pytest.mark.parametrize( "transport_class,grpc_helpers", [ @@ -8546,4 +8597,5 @@ def test_api_key_credentials(client_class, transport_class): quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, always_use_jwt_access=True, + api_audience=None, )